fix: restore legacy oauth callback fragment compatibility

2026-04-21 11:00:18 +08:00
parent f398650166
commit 33b208ab6f
4 changed files with 282 additions and 36 deletions
--- a/frontend/src/views/auth/tests/OidcCallbackView.spec.ts
+++ b/frontend/src/views/auth/tests/OidcCallbackView.spec.ts
@@ -92,6 +92,74 @@ describe('OidcCallbackView', () => {
      turnstile_enabled: false,
      turnstile_site_key: ''
    })
+    window.location.hash = ''
+    localStorage.clear()
+  })
+
+  it('accepts the legacy fragment token success callback without pending-session exchange', async () => {
+    window.location.hash =
+      '#access_token=legacy-access-token&refresh_token=legacy-refresh-token&expires_in=3600&token_type=Bearer&redirect=%2Flegacy-dashboard'
+    setToken.mockResolvedValue({})
+
+    mount(OidcCallbackView, {
+      global: {
+        stubs: {
+          AuthLayout: { template: '<div><slot /></div>' },
+          Icon: true,
+          RouterLink: { template: '<a><slot /></a>' },
+          transition: false
+        }
+      }
+    })
+
+    await flushPromises()
+
+    expect(exchangePendingOAuthCompletion).not.toHaveBeenCalled()
+    expect(setToken).toHaveBeenCalledWith('legacy-access-token')
+    expect(localStorage.getItem('refresh_token')).toBe('legacy-refresh-token')
+    expect(localStorage.getItem('token_expires_at')).not.toBeNull()
+    expect(showSuccess).toHaveBeenCalledWith('auth.loginSuccess')
+    expect(replace).toHaveBeenCalledWith('/legacy-dashboard')
+  })
+
+  it('accepts the legacy pending oauth invitation fragment without pending-session exchange', async () => {
+    window.location.hash = '#error=invitation_required&pending_oauth_token=legacy-pending-token&redirect=%2Flegacy-invite'
+    apiClientPost.mockResolvedValue({
+      data: {
+        access_token: 'legacy-access-token',
+        refresh_token: 'legacy-refresh-token',
+        expires_in: 3600,
+        token_type: 'Bearer'
+      }
+    })
+    setToken.mockResolvedValue({})
+
+    const wrapper = mount(OidcCallbackView, {
+      global: {
+        stubs: {
+          AuthLayout: { template: '<div><slot /></div>' },
+          Icon: true,
+          RouterLink: { template: '<a><slot /></a>' },
+          transition: false
+        }
+      }
+    })
+
+    await flushPromises()
+
+    expect(exchangePendingOAuthCompletion).not.toHaveBeenCalled()
+    await wrapper.find('input[type="text"]').setValue('invite-code')
+    await wrapper.find('button').trigger('click')
+    await flushPromises()
+
+    expect(apiClientPost).toHaveBeenCalledWith('/auth/oauth/oidc/complete-registration', {
+      adopt_display_name: true,
+      adopt_avatar: true,
+      pending_oauth_token: 'legacy-pending-token',
+      invitation_code: 'invite-code'
+    })
+    expect(setToken).toHaveBeenCalledWith('legacy-access-token')
+    expect(replace).toHaveBeenCalledWith('/legacy-invite')
  })

  it('does not send adoption decisions during the initial exchange', async () => {